1.题目
from Cryptodome.Cipher import AES
import os
import gmpy2
from flag import FLAG
from Cryptodome.Util.number import *
def main():
key=os.urandom(2)*16
iv=os.urandom(16)
print(bytes_to_long(key)^bytes_to_long(iv))
aes=AES.new(key,AES.MODE_CBC,iv)
enc_flag = aes.encrypt(FLAG)
print(enc_flag)
if __name__=="__main__":
main()
91144196586662942563895769614300232343026691029427747065707381728622849079757
b'\x8c-\xcd\xde\xa7\xe9\x7f.b\x8aKs\xf1\xba\xc75\xc4d\x13\x07\xac\xa4&\xd6\x91\xfe\xf3\x14\x10|\xf8p'
2.复现
key是32位bytes 256位bits iv是16位bytes 128位bits,所以异或的结果高16为bytes、128位bits不变,key又是两个bytes重复16次所以,它的高128位bits和低128位bits是一样的 然后再把key异或x就得到了iv
from Crypto.Cipher import AES
from Crypto.Util.number import*
import os
import gmpy2
x=91144196586662942563895769614300232343026691029427747065707381728622849079757
c=b'\x8c-\xcd\xde\xa7\xe9\x7f.b\x8aKs\xf1\xba\xc75\xc4d\x13\x07\xac\xa4&\xd6\x91\xfe\xf3\x14\x10|\xf8p'
x=long_to_bytes(x)
key=x[:16]*2
iv=bytes_to_long(x)^bytes_to_long(key)
iv=long_to_bytes(iv)
aes=AES.new(key,AES.MODE_CBC,iv)#iv,key的类型为bytes
flag=aes.decrypt(c)
print(flag)
# b'actf{W0W_y0u_can_so1v3_AES_now!}'